Welcome to the comprehensive automation solution for managing MongoDB Atlas database users dynamically based on Google Cloud Platform (GCP) Cloud Run resources.
This project provides a cross-platform Terraform and Python-based pipeline to automatically generate and manage MongoDB Atlas database users with secure, randomly generated passwords. It is divided into two main modules depending on your infrastructure architecture:
Use Case: Ideal for batch processes, scheduled tasks, and asynchronous workers deployed as Cloud Run Jobs.
- Discovers GCP Cloud Run Jobs containing a specific environment name.
- Creates matching database users in MongoDB Atlas.
- Generates secure 20-character passwords and assigns appropriate database read/write roles.
Use Case: Ideal for web applications, APIs, and microservices functioning as continuous Cloud Run Services.
- Discovers active GCP Cloud Run Services filtered by environment.
- Provisions corresponding MongoDB Atlas database users dynamically.
- Automatically handles the integration and outputs secure connection URIs for application use.
cloudrun-mongo-cred-rotator/
├── Cloud-Run-Job/              # Terraform configs and scripts for Cloud Run Jobs
│   ├── scripts/deploy.py       # Automation Python deployment script
│   ├── scripts/get_jobs.py     # Python script to fetch GCP Cloud Run jobs
│   ├── main.tf                 # Atlas user provisioning declarations
│   └── README.md               # Detailed Job-specific module documentation
│
└── Cloud-Run-Service/          # Terraform configs and scripts for Cloud Run Services
    ├── scripts/deploy.py       # Automation Python deployment script
    ├── scripts/get_users.py    # Python script to fetch GCP Cloud Run services
    ├── main.tf                 # Atlas user provisioning declarations
    └── README.md               # Detailed Service-specific module documentation
- Terraform (v1.0+)
- Google Cloud SDK (gcloud CLI) installed and authenticated.
- Python 3 installed and available on your PATH.
- A MongoDB Atlas Account with a configured Project and Cluster.
- Clone the Repository: Start by cloning this project to your local machine:

      git clone https://github.com/mpandey95/cloudrun-mongo-cred-rotator.git
      cd cloudrun-mongo-cred-rotator

- Choose Your Target Resource Module: Determine if you are managing users for Cloud Run Jobs or Cloud Run Services, and navigate to the respective directory:

  For Cloud Run Jobs:

      cd Cloud-Run-Job/

  For Cloud Run Services:

      cd Cloud-Run-Service/

- Configure Your Credentials: Create an environment-specific variable file (e.g., dev.tfvars, prod.tfvars) inside the chosen module directory:

      gcp_project_id     = "your-gcp-project-id"
      gcp_state_bucket   = "your-tf-state-bucket"
      atlas_project_id   = "your-atlas-project-id"
      atlas_public_key   = "your-atlas-public-key"
      atlas_private_key  = "your-atlas-private-key"
      atlas_cluster_name = "your-cluster-name"

- Deploy the Infrastructure: Run the platform-agnostic Python deployment wrapper script, passing your target environment (e.g., dev, uat, prod):

  For Cloud Run Jobs:

      # Ensure you are in the Cloud-Run-Job/ directory
      chmod +x scripts/deploy.py
      ./scripts/deploy.py --env="dev"

  For Cloud Run Services:

      # Ensure you are in the Cloud-Run-Service/ directory
      chmod +x scripts/deploy.py
      ./scripts/deploy.py --env="dev"

  (To destroy existing infrastructure, append --destroy to the corresponding script).

- Retrieve Connection Details: Once successfully applied, Terraform will automatically persist the newly generated database credentials locally in connection_strings.json and a list of created accounts in users.txt.
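
The last step leaves live database credentials on disk (connection_strings.json, users.txt) beside the *.tfvars file that holds the Atlas private key. The post-deploy check below is an added example, not part of this repository: it assumes a POSIX filesystem, the function names `audit_secrets` and `ignored_by` are hypothetical, and the .gitignore matching is simplified to plain basename globs.

```python
"""Post-deploy check for the secret-bearing files this README names."""
import fnmatch
import os
import stat
import sys
from pathlib import Path

# File names taken from the README; *.tfvars holds the Atlas API private key.
SECRET_PATTERNS = ("connection_strings.json", "users.txt", "*.tfvars")


def ignored_by(gitignore: Path, name: str) -> bool:
    """Simplified match: plain basename globs only, no negation or paths."""
    if not gitignore.is_file():
        return False
    for line in gitignore.read_text().splitlines():
        pattern = line.strip()
        if pattern and not pattern.startswith(("#", "!")):
            if fnmatch.fnmatch(name, pattern.lstrip("/")):
                return True
    return False


def audit_secrets(module_dir: str, fix: bool = False) -> list:
    """Report (and optionally fix) loose modes and missing ignore rules."""
    root = Path(module_dir)
    findings = []
    for pattern in SECRET_PATTERNS:
        for path in sorted(root.glob(pattern)):
            mode = stat.S_IMODE(path.stat().st_mode)
            # Any group/other permission bit on a credential file is a finding.
            loose = bool(mode & (stat.S_IRWXG | stat.S_IRWXO))
            if loose and fix:
                os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)  # owner-only, 0600
            findings.append({
                "file": path.name,
                "mode": oct(mode),  # mode observed before any fix
                "group_or_world_access": loose,
                "fixed": loose and fix,
                "gitignored": ignored_by(root / ".gitignore", path.name),
            })
    return findings


if __name__ == "__main__":
    # Run from inside Cloud-Run-Job/ or Cloud-Run-Service/ after a deploy.
    for finding in audit_secrets(".", fix="--fix" in sys.argv):
        print(finding)
```

Any file reported with `gitignored` false should get an ignore rule before the next commit, and credentials that were already committed or world-readable should be rotated by re-running the deployment.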
Note: For detailed module architecture, diagrams, and specific troubleshooting, please refer to the individual README.md files located within the Cloud-Run-Job/ and Cloud-Run-Service/ directories.
Manish Pandey — Senior DevOps/Platform Engineer
- ☁️ Cloud & Platforms: GCP, AWS
- ⚙️ Platform & DevOps: Kubernetes, Docker, Terraform, Helm, Ansible, CI/CD
- 🔐 Security & Ops: IAM, Networking, Monitoring, Secrets Management
- 🧑💻 Programming: Python, Bash, YAML
- 💾 Database: SQL, MongoDB
- GitHub: mpandey95
- LinkedIn: manish-pandey95
- Email: mnshkmrpnd@gmail.com
See LICENSE